Hello,
A ListGrid in our application was having display issues recently. This was because “<table>” and other similar values are valid for this component in our application and were being interpreted as HTML tags. I found the escapeHTML property that provides a solution to the display issue, however I have a couple questions related to this.
Does SmartClient have built in validation to prevent <script> tags from being evaluated if loaded in a ListGrid or submitted in a DynamicForm? In other words, must the escapeHTML property be set to true for all fields if we want to prevent <script> tags from being evaluated within grids or forms? I have done some testing in our application to see if this is the case but have not been able to execute any JavaScript using <script> tags in a ListGrid or DynamicForm. All I have been able to do is replicate and expand on the odd display behavior with <table> tags.
Also, is there a simple way to set the escapeHTML property at the ListGrid or DataSource level so that it applies to all fields in that component? I have found a way to do it by looping through each field in a grid and using setFieldProperties in JavaScript, but I wanted to double check if that is the best approach.
I apologize if this has been addressed in another forum post; I could not find one. Please let me know if any further information or clarification is needed. Thank you!
SmartClient Version: v12.1p_2021-06-05/Pro Deployment (built 2021-06-05)
A ListGrid in our application was having display issues recently. This was because “<table>” and other similar values are valid for this component in our application and were being interpreted as HTML tags. I found the escapeHTML property that provides a solution to the display issue, however I have a couple questions related to this.
Does SmartClient have built in validation to prevent <script> tags from being evaluated if loaded in a ListGrid or submitted in a DynamicForm? In other words, must the escapeHTML property be set to true for all fields if we want to prevent <script> tags from being evaluated within grids or forms? I have done some testing in our application to see if this is the case but have not been able to execute any JavaScript using <script> tags in a ListGrid or DynamicForm. All I have been able to do is replicate and expand on the odd display behavior with <table> tags.
Also, is there a simple way to set the escapeHTML property at the ListGrid or DataSource level so that it applies to all fields in that component? I have found a way to do it by looping through each field in a grid and using setFieldProperties in JavaScript, but I wanted to double check if that is the best approach.
I apologize if this has been addressed in another forum post; I could not find one. Please let me know if any further information or clarification is needed. Thank you!
SmartClient Version: v12.1p_2021-06-05/Pro Deployment (built 2021-06-05)
Comment